Skip to content

Commit

Permalink
policy: update to kube-rs v0.85 and friends
Browse files Browse the repository at this point in the history
This commit backports PR #11255 to Linkerd stable-2.13.x.

This branch updates the policy-controller's dependency on Kubert to
v0.18, `kube-rs` to v0.85, `k8s-gateway-api` to v0.13, and `k8s-openapi`
to v0.19.

All of these crates depend on `kube-rs` and `k8s-openapi`, so they must
all be updated together in one commit. Therefore, this branch updates
all these dependencies.
  • Loading branch information
hawkw committed Aug 28, 2023
1 parent 7b54511 commit 2ab21b6
Show file tree
Hide file tree
Showing 10 changed files with 353 additions and 243 deletions.
526 changes: 311 additions & 215 deletions Cargo.lock

Large diffs are not rendered by default.

10 changes: 8 additions & 2 deletions deny.toml
Original file line number Diff line number Diff line change
Expand Up @@ -56,15 +56,21 @@ wildcards = "allow"
highlight = "all"
deny = []
skip = [
# Waiting on h2, tonic, etc
{ name = "tokio-util", version = "0.6" },
# `rustls-pemfile` and `k8s-openapi` depend on versions of `base64` that
# have diverged significantly.
{ name = "base64" },
# `metrics` depends on an old versoin of `ahash`.
{ name = "ahash", version = "0.7" },
# syn v2 has been released and some libraries are slower to adopt it
{ name = "syn", version = "1.0" },
# `tower-http` (a transitive dep via `kubert`) depends on v2.x of `bitflags`,
# while pretty much the entire rest of the world is still on v1.x
{ name = "bitflags", version = "1.0" },
]
skip-tree = [
# `serde_json` and `h2` depend on diverged versions of `indexmap` (2.0.x and
# 1.9.x, respectively)
{ name = "indexmap" },
]

[sources]
Expand Down
10 changes: 5 additions & 5 deletions policy-controller/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,8 @@ anyhow = "1"
async-trait = "0.1"
drain = "0.1"
futures = { version = "0.3", default-features = false }
k8s-gateway-api = "0.11"
k8s-openapi = { version = "0.17", features = ["v1_20"] }
k8s-gateway-api = "0.13"
k8s-openapi = { version = "0.19", features = ["v1_20"] }
hyper = { version = "0.14", features = ["http1", "http2", "runtime", "server"] }
ipnet = { version = "2", default-features = false }
linkerd-policy-controller-core = { path = "./core" }
Expand All @@ -40,14 +40,14 @@ default-features = false
features = ["derive", "env", "std"]

[dependencies.kube]
version = "0.80"
version = "0.85"
default-features = false
features = ["admission", "derive"]

[dependencies.kubert]
version = "0.16"
version = "0.18"
default-features = false
features = ["clap", "index", "lease", "metrics", "runtime", "server"]
features = ["clap", "index", "lease", "metrics", "runtime", "server", "rustls-tls"]

[dependencies.tokio]
version = "1"
Expand Down
8 changes: 4 additions & 4 deletions policy-controller/k8s/api/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,11 @@ license = "Apache-2.0"
publish = false

[dependencies]
k8s-openapi = { version = "0.17", default-features = false, features = [
k8s-openapi = { version = "0.19", default-features = false, features = [
"v1_20",
] }
k8s-gateway-api = "0.11"
kube = { version = "0.80", default-features = false, features = [
k8s-gateway-api = "0.13"
kube = { version = "0.85", default-features = false, features = [
"client",
"derive",
"runtime",
Expand All @@ -19,7 +19,7 @@ ipnet = { version = "2.7", features = ["json"] }
schemars = "0.8"
serde = { version = "1", features = ["derive"] }
serde_json = "1"
serde_yaml = "0.8"
serde_yaml = "0.9"
thiserror = "1"
tokio = { version = "1", features = ["time"] }
tracing = "0.1"
9 changes: 7 additions & 2 deletions policy-controller/k8s/index/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,13 @@ ahash = "0.8"
anyhow = "1"
futures = { version = "0.3", default-features = false }
http = "0.2"
k8s-gateway-api = "0.11"
kubert = { version = "0.16", default-features = false, features = ["index"] }
k8s-gateway-api = "0.13"
kube = { version = "0.85", default-features = false, features = [
"client",
"derive",
"runtime",
] }
kubert = { version = "0.18", default-features = false, features = ["index"] }
linkerd-policy-controller-core = { path = "../../core" }
linkerd-policy-controller-k8s-api = { path = "../api" }
parking_lot = "0.12"
Expand Down
3 changes: 3 additions & 0 deletions policy-controller/k8s/index/src/inbound/http_route.rs
Original file line number Diff line number Diff line change
Expand Up @@ -227,6 +227,9 @@ impl RouteBinding {
Filter::RequestRedirect(filter)
}

api::HttpRouteFilter::ResponseHeaderModifier { .. } => {
bail!("ResponseHeaderModifier filter is not supported in Linkerd 2.13")
}
api::HttpRouteFilter::RequestMirror { .. } => {
bail!("RequestMirror filter is not supported")
}
Expand Down
2 changes: 1 addition & 1 deletion policy-controller/k8s/status/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ ahash = "0.8"
anyhow = "1"
# Fix for https://github.com/chronotope/chrono/issues/602
chrono = { version = "0.4.24", default-features = false, features = ["clock"] }
kubert = { version = "0.16", default-features = false, features = [
kubert = { version = "0.18", default-features = false, features = [
"index",
"lease",
] }
Expand Down
20 changes: 10 additions & 10 deletions policy-controller/src/main.rs
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ use clap::Parser;
use futures::prelude::*;
use k8s::{api::apps::v1::Deployment, Client, ObjectMeta, Resource};
use k8s_openapi::api::coordination::v1 as coordv1;
use kube::api::{ListParams, PatchParams};
use kube::{api::PatchParams, runtime::watcher};
use kubert::LeaseManager;
use linkerd_policy_controller::{
grpc, inbound, index_list::IndexList, k8s, outbound, Admission, ClusterInfo, DefaultPolicy,
Expand Down Expand Up @@ -167,13 +167,13 @@ async fn main() -> Result<()> {

// Spawn resource watches.

let pods =
runtime.watch_all::<k8s::Pod>(ListParams::default().labels("linkerd.io/control-plane-ns"));
let pods = runtime
.watch_all::<k8s::Pod>(watcher::Config::default().labels("linkerd.io/control-plane-ns"));
tokio::spawn(
kubert::index::namespaced(inbound_index.clone(), pods).instrument(info_span!("pods")),
);

let servers = runtime.watch_all::<k8s::policy::Server>(ListParams::default());
let servers = runtime.watch_all::<k8s::policy::Server>(watcher::Config::default());
let servers_indexes = IndexList::new(inbound_index.clone())
.push(status_index.clone())
.shared();
Expand All @@ -182,34 +182,34 @@ async fn main() -> Result<()> {
);

let server_authzs =
runtime.watch_all::<k8s::policy::ServerAuthorization>(ListParams::default());
runtime.watch_all::<k8s::policy::ServerAuthorization>(watcher::Config::default());
tokio::spawn(
kubert::index::namespaced(inbound_index.clone(), server_authzs)
.instrument(info_span!("serverauthorizations")),
);

let authz_policies =
runtime.watch_all::<k8s::policy::AuthorizationPolicy>(ListParams::default());
runtime.watch_all::<k8s::policy::AuthorizationPolicy>(watcher::Config::default());
tokio::spawn(
kubert::index::namespaced(inbound_index.clone(), authz_policies)
.instrument(info_span!("authorizationpolicies")),
);

let mtls_authns =
runtime.watch_all::<k8s::policy::MeshTLSAuthentication>(ListParams::default());
runtime.watch_all::<k8s::policy::MeshTLSAuthentication>(watcher::Config::default());
tokio::spawn(
kubert::index::namespaced(inbound_index.clone(), mtls_authns)
.instrument(info_span!("meshtlsauthentications")),
);

let network_authns =
runtime.watch_all::<k8s::policy::NetworkAuthentication>(ListParams::default());
runtime.watch_all::<k8s::policy::NetworkAuthentication>(watcher::Config::default());
tokio::spawn(
kubert::index::namespaced(inbound_index.clone(), network_authns)
.instrument(info_span!("networkauthentications")),
);

let http_routes = runtime.watch_all::<k8s::policy::HttpRoute>(ListParams::default());
let http_routes = runtime.watch_all::<k8s::policy::HttpRoute>(watcher::Config::default());
let http_routes_indexes = IndexList::new(inbound_index.clone())
.push(outbound_index.clone())
.push(status_index.clone())
Expand All @@ -219,7 +219,7 @@ async fn main() -> Result<()> {
.instrument(info_span!("httproutes")),
);

let services = runtime.watch_all::<k8s::Service>(ListParams::default());
let services = runtime.watch_all::<k8s::Service>(watcher::Config::default());
let services_indexes = IndexList::new(outbound_index.clone())
.push(status_index.clone())
.shared();
Expand Down
6 changes: 3 additions & 3 deletions policy-test/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,8 @@ anyhow = "1"
hyper = { version = "0.14", features = ["client", "http2"] }
futures = { version = "0.3", default-features = false }
ipnet = "2"
k8s-gateway-api = "0.11"
k8s-openapi = { version = "0.17", features = ["v1_20"] }
k8s-gateway-api = "0.13"
k8s-openapi = { version = "0.19", features = ["v1_20"] }
linkerd-policy-controller-core = { path = "../policy-controller/core" }
linkerd-policy-controller-k8s-api = { path = "../policy-controller/k8s/api" }
maplit = "1"
Expand All @@ -25,7 +25,7 @@ tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }

[dependencies.kube]
version = "0.80"
version = "0.85"
default-features = false
features = ["client", "openssl-tls", "runtime", "ws"]

Expand Down
2 changes: 1 addition & 1 deletion policy-test/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -392,7 +392,7 @@ async fn await_service_account(client: &kube::Client, ns: &str, name: &str) {
tokio::pin! {
let sas = kube::runtime::watcher(
kube::Api::<k8s::ServiceAccount>::namespaced(client.clone(), ns),
kube::api::ListParams::default(),
Default::default(),
);
}
loop {
Expand Down

0 comments on commit 2ab21b6

Please sign in to comment.